Skip to main content
rarora
Staff
rarora
Staff
March 6, 2020

Technical Tip: change name of the tab 'Firewall Policy'

  • March 6, 2020
  • 0 replies
  • 1667 views
Description
This article describes the change in name of the Tab 'Firewall Policy' when set to 'Policy-based' mode.

Scope
For version 6.2.3.

Solution
When the FortiGate is set in 'Policy-based mode', the feature 'Firewall policy' includes the below configurable options:
# config firewall consolidated policy
    edit 1
        set status enable
        set name "test"
        set uuid eeb8f3b8-5f7e-51ea-f029-b8ffe96c2d75
        set srcintf "port1"
        set dstintf "port2"
        set srcaddr4 "10.47.2.74_remote_subnet_1"
        set dstaddr4 "FABRIC_DEVICE"
        set srcaddr-negate disable
        set dstaddr-negate disable
        set service-negate disable
        set internet-service disable
        set internet-service-src disable
        set service "ALL_TCP"
        set ssl-ssh-profile "no-inspection"
        set diffserv-forward disable
        set diffserv-reverse disable
        set tcp-mss-sender 0
        set tcp-mss-receiver 0
        set session-ttl 0
        set comments ''
    next
end
After upgrading the FortiGate to OS 6.2.3,  the tab is now renamed as 'SSL Inspection and Authentication'.
The basic feature and functionality remains completely same except that there is one additional feature for asic offloading.

- set auto-asic-offload enable.

as shown below:   
    edit 1
        set status enable
        set name "Default"
        set uuid ec72e402-5f7d-51ea-5a20-b68b02512e11
        set srcintf "any"
        set dstintf "any"
        set srcaddr4 "all"
        set dstaddr4 "all"
        set srcaddr6 "all"
        set dstaddr6 "all"
        set srcaddr-negate disable
        set dstaddr-negate disable
        set service-negate disable
        set internet-service disable
        set internet-service-src disable
        set service "ALL"
        set ssl-ssh-profile "certificate-inspection"
        set auto-asic-offload enable
        set diffserv-forward disable
        set diffserv-reverse disable
        set tcp-mss-sender 0
        set tcp-mss-receiver 0
        set session-ttl 0
--More--                  set comments ''
--More--              next
--More--          end

Terms & ConditionsAccessibility statement